Cyber Security Awareness

CYBER SECURITY AWARENESS Innocent Korie @innokorie September 2021

WHAT IS CYBERSECURITY WHY CYBERSECURITY AWARENESS CYBER CRIME MOTIVES CYBER THREATS OVERVIEW PASSWORD PROTECTION SAFE CYBER HABITS AND HYGIENE OUTLINE

What is Cybersecurity? Cyber security refers to the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, damage, or unauthorized access. Cyber security may also be referred to as information technology security or computer security.

Three Pillars of Cybersecurity Cyber security is a framework that evolves and adapts to a situation and includes oversight, prevention, and maintenance Cyber security is therefore broken down into three main pillars: people, processes, and technology .

Three Pillars of Cybersecurity People: People naturally is the pillar that has the most amount of risk associated with it, as human error and human intervention is more difficult to predict and guarantee than systems and software. Training, awareness and resources are therefore key Process: Processes and policy help provide the framework for governance and also define procedures that can be measured over time. Processes inform an IT department’s preventative and responsive controls. Technology : Technology is the hardware and software that departments use to achieve reliable cyber security. The IT personal build processes around technology so as to protect IT infrastructure.

Key Cybersecurity Concept Organizations develop and implement an information security policy to impose a uniform set of rules for handling and protecting essential data. Most IT security policies focus on protecting three key aspects of data and information: confidentiality, integrity, and availability . These are often referred to as the CIA triad concept of information security.

Key Cybersecurity Concept Confidentiality measures are designed to prevent sensitive information from unauthorized access attempts Integrity involves maintaining the consistency, accuracy and trustworthiness of data over its entire lifecycle. Availability means information should be consistently and readily accessible for authorized parties.

Why is cybersecurity awareness important? Technology alone cannot protect you from everything Attackers go where security is weakest Humans -> a link in the chain & the last first line of defence Essential to reducing cybersecurity risk Cybersecurity awareness is for...everyone Security: We must protect our computers, smart devices and data in the same way that we secure the doors to our homes and offices. We must take along our offline security mindset to the online space. Safety: We must behave in ways that protect us against risks and threats that come with technology.

Cybersecurity is not about computers but about behaviour I am not important, and no one will find me I don’t have anything anyone would want to steal I can’t stop them even if I want to. Cyber Security Erroneous beliefs You are exactly what an attacker wants!

Cyber Crime Motives Source: Raconteur Ransom (Financial Gain) (41%) Insider threat (27%) Political reasons (26%) Competition (26%) Cyberwar (24%) Angry user (20%) Motive unknown (11%)

PHISHING MALWARE DISTRIBUTED DENIAL OF SERVICE MAN-IN-THE-MIDDLE ATTACK Cyber crooks are online daily, monitoring and seeking victims to attack. There are basic strategies that they apply to get a victim started in their lead to strike. So as an Internet user, it is important you have an idea of the prevailing approach and how to safeguard yourself. SPAM Cyber Threat Overview SOCIAL ENGINEERING VIRUS TROJAN HORSE WORMS

Social engineering Social engineering attacks involve some form of psychological manipulation, fooling otherwise unsuspecting users or employees into handing over confidential or sensitive data. It applies to the use of deception to gain information or manipulate people into performing actions or divulging confidential information. Some forms of Social Engineering including Phishing, Spam messaging, tailgating, pretexting etc 12 Phone Call: This is John, the System Administrator. What is your password? In Person: What ethnicity are you? Your mother’s maiden name? I have come to repair your machine… and have some lovely software patches!

Phishing Phishing is a way of extracting personal information by using deceptive email and website link. It is one of the most used methods of cyber-attack. The attacker sends an email which is disguised to be from a trusted source -it can read from your bank, a company you deal with or a trusted friend or colleague. The email would always have a link you will need to click or an attachment to download. And the tone of the email will always be that of urgency – making you believe it is something you need to do and you must do it right now.

Phishing How to Identify a phishing email Fake sender domain Suspicious subject Generalised greeting Poor grammar Must have a link for you to click

Phishing: How to Avoid Being a Victim Point your mouse momentarily to the senders email address, the real email address from where the email came from will be revealed. Most times you will notice it is not coming from the source being branded in the email If there is link to click, may be for an offer, do not click the link. Type in the website address of your bank on a web browser to confirm if they have such offer and if it is a request for your login details kindly ignore the mail, delete it or reach out directly to your bank via phone or possibly a visit. Never be in a hurry to respond. In the event of you receiving an email mimicking for instance, an email from your bank, you should do the following.;

Spam A spam is an unsolicited message sent in bulk, that is to many persons at same time, over the internet or through any electronic messaging system. Spamming is a method where by the fraudster sends a message either by email, SMS or chat, dangling a reward, most times so good to be true. The message will solicit that user fill out a form, send back a code, or signup in other to receive something or avert a danger. Anyone who responds to a spam email or message, will likely give away information which the cyber crook uses for immediate or future attack.

Spam Email spam – Those emails that clog-up your mail box sometimes preventing you from seeing relevant emails Social media spam – This is where a spammer throw around accounts on social media to connect to prospective victims. You must have received friend requests on Facebook from a profile posing to be a custom officer or on Twitter, getting followed by several related handles, all at the same time. These are examples of spam accounts. There are several forms of spam messages

SPAM Mobile Spam – These are SMS spam messages, always sent as bulk SMS to random phone numbers. The message would either request recipient to send back a code, or call a number to avert imminent danger or to key into a ‘too good’ offer. Never respond to any message from an unknown person claiming to offer you a contract or help or asking you send back a code. Sometimes, the sender would claim to have mistakenly entered your number for a sign on and request you send them a code you received by SMS. This is a pointer that if you respond, you will fall victim. When you get a spam message or call;

Malware : ( Malicious software ) M alware is collective name for codes developed by cyber attackers, typically designed to cause extensive damage to computer system and data or to gain unauthorized access to a network. Malware codes are delivered in different ways. The payload delivery format results to the different forms of malware. Forms of Malware include Virus, Worms, Trojan Horse, Ransomware, and spyware

Malware Virus: This is the most common type of malware that can execute itself and spread by infecting other programs or files. V iruses attach their malicious code to clean code and wait for an unsuspecting user or an automated process to execute them, causing damage to the core system file Worm: Worms get their name from the way they infect systems. They can self-replicate without a host program and typically spreads without any human interaction or directives from the malware authors . Starting from one infected machine, they weave their way through the network.

Malware Spyware, as its name suggests, is designed to spy on what a user is doing. Hiding in the background on a computer, this type of malware will collect information without the user knowing, such as credit card details, passwords and other sensitive information. Trojan horse is designed to appear as a legitimate software program to gain access to a system. It derived its name from Greek soldiers, hid in a giant horse to deliver their attack. Acting discretely, it will breach security by creating backdoors that give other malware variants easy access.

Malware Ransomware is designed to infect a user's system and encrypt its data. Cybercriminals then demand a ransom payment from the victim in exchange for decrypting the system's data. Also known as scareware, ransomware comes with a heavy price. It is able to lockdown networks and lock out users until a ransom is paid, ransomware has targeted some of the biggest organizations in the world.

Man-In-The-Middle Attack An attacker pretends to be your final destination on the network or your link to a service, e. g Internet access. When a person tries to connect to a specific destination, an attacker can mislead him to a different service and pretend to be that network access point or server. Example is a Rogue Access Point

Distributed Denial of Service Attack (DoS) A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target with a flood of Internet traffic. DDoS attacks are carried out with networks of Internet-connected machines. Suspicious amounts of traffic originating from a single IP address or IP range A flood of traffic from users who share a single behavioural profile, such as device type, geolocation, or web browser version

Distributed Denial of Service Attack (DoS)

PASSWORD PROTECTION Password is the digital equivalent of a key to a lock fixed to your home or office – a security system Password protection allows only those with an authorized password to gain access to certain information. Passwords are a first line of defence against cyber security compromise. And one of the most important ways to prevent information security breaches is the use of a strong password.

PASSWORD PROTECTION Passwords compromise is a potentially major source of cyber security headache for any individual or organization that uses computer systems or has presence online. Most hacking cases involves compromised passwords and most times because these password were simple to guess. Applying a sound password protection policy is essential for a safer Internet presence. Pay attention to the following rules of the thumb regarding passwords;

Password Protection checklist In Creating Passwords Avoid using personal information like birthday, address, anniversary, pet name or any easy to guess information Use a long phrase that is easy to remember but difficult to guess. It could be a favourite line from a book. Length is better than complex. R andomly include symbols, capitalising and numbers with the letters. Enable 2-factor Authentication (2FA) 2 FA requires two different methods to ‘prove’ your identity before you get granted access. Many of the services you use today—social networks, banks etc—offer an added layer of protection, use it.

Password Protection checklist 3. Use Password Manager Password manager is an online tool that auto-generate and store strong passwords on your behalf. P asswords are stored in an encrypted, centralised location which is only accessible via a ‘master’ password. R ather than having to memorize dozens of meticulously crafted passwords, you just have one master password to remember. 4 . Use Different Passwords for Different Applications Every online application should have a different password. M ake sure that you do not reuse passwords across different accounts. If you do, when one account is compromised, the rest is prone to be hacked.

Pattern Calculation Result Time to Guess Personal Info: interests, relatives 20 Manual 5 minutes Social Engineering 1 Manual 2 minutes American Dictionary 80,000 < 1 second 4 chars: lower case alpha 26 4 5x10 5 8 chars: lower case alpha 26 8 2x10 11 8 chars: alpha 52 8 5x10 13 8 chars: alphanumeric 62 8 2x10 14 3.4 min. 8 chars alphanumeric +10 72 8 7x10 14 12 min. 8 chars: all keyboard 95 8 7x10 15 2 hours 12 chars: alphanumeric 62 12 3x10 21 96 years 12 chars: alphanumeric + 10 72 12 2x10 22 500 years 12 chars: all keyboard 95 12 5x10 23 16 chars: alphanumeric 62 16 5x10 28 Password Cracking: Dictionary Attack and Brute Force

SAFE CYBER HABITS L ook, pause, confirm before you click B e mindful of the links you click on while surfing the Internet. A click on a malicious link can lead you to chains of agony. Know the difference between a secure site and an unsecure site. (http:// and https://) Avoid “click bait” headlines or promo popups that are too good to be true. 2. K eep your software and applications up to date. An updated version of an application would among other features, tighten the security features so as to keep users free from backdoor hackers. E nsure to install licenced software and that you get your mobile app from trusted sites/stores. Avoid pirated software, they can expose you to hackers. So next time you get a prompt for software update, ensure you install the update.

SAFE CYBER HABITS 3. U se up to date Antivirus S oftware on your devices. An antivirus software is a utility software that is installed on a computer or mobile device with aim of protecting the device from virus, trojans, spyware and spam attacks Ensure you install an original licensed antivirus or internet security software. Keep your virus software and virus database updated daily. You can set your antivirus update feature to automatic to guarantee a transparent update. 4. Always log out from sites/portals when you are done using them. Signing on to an account online is more like unlocking a personal safe or your home. And to not log out when you are done using that platform is more like leaving your home wide open and going out. You know definitely it will take luck for you not to be rubbed If you must leave any of your accounts logged on, ensure it is on your personal device, and that your device security lock in enabled.

SAFE CYBER HABITS 5. Limit the personal information your share online The way you cannot physically hand over your personal information to a total stranger, except you get to know the person, so also you should limit the personal information you share with millions of persons online especially on your social media accounts. N o matter how well you may think you know the person you met online, you cannot really be sure of who they are and how dangerous they can be. Keep your online accounts privacy settings enabled and regularly updated. Privacy settings are control buttons provided within your browser or an online account, which you can use to define your information sharing boundaries online. Most browsers and social media platforms have provision for privacy and security settings. W ith your privacy setting properly configured, you can limit who can have access to your shared information.

SAFE CYBER HABITS 7. R egularly clear your browser cache and cookies. A Cooky is a file attached to your browser by websites so as to record your browsing history T hrough cookies, your social media, email and many other services can easily be compromised. Cached data on your system/device helps for faster browsing experience but it can also be an avenue for housing malware on your system 8. Do not use public Wi-Fi always use private Wi-Fi. Public Wi-Fi networks like the ones at restaurants, parks, airport etc, are very unsecure. Hackers can latch on the network in other to gain unauthorised access to your system. If you happen to always be on the go, try and use a VPN service or software to encrypt your data.

ANY QUESTION

Cyber Security Awareness

About This Presentation

Slide Content

Tags

Categories

Download

Quick Actions

Statistics

Related Slideshows

Cyber Security Awareness

About This Presentation

Slide Content

Slide 1

Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14

Slide 15

Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32

Slide 33

Slide 34

Slide 35

Tags

Categories

Download

Quick Actions

Statistics

Related Slideshows

8-top-ai-courses-for-customer-support-representatives-in-2025.pptx

7-essential-ai-courses-for-call-center-supervisors-in-2025.pptx

25-essential-ai-courses-for-user-support-specialists-in-2025.pptx

8-essential-ai-courses-for-insurance-customer-service-representatives-in-2025.pptx

Know for Certain

PPT OPD LES 3ertt4t4tqqqe23e3e3rq2qq232.pptx